Travelport Travel Commerce Platform privacy policy for the GDS

Privacy policy

Welcome to this Travelport website. We at Travelport recognize the importance of protecting the privacy of personal data or personally identifiable information ("Personal Information") about the individual travelers that we process in the global distribution systems of our Travel Commerce Platform. The following Privacy Policy discloses what information we gather, how we use it, and how to correct or change it. Please note, however, that we may update and amend this Privacy Policy from time to time.

At Travelport, we want to give you an understanding about how we collect your information and the use we make of it in the course of our business.

Travelport's Travel Commerce Platform

Travelport recognizes that many countries have adopted laws that apply to Personal Information about individual travelers that we process in the global distribution systems ("GDS Personal Information") of our Travel Commerce Platform, including our Apollo™, Galileo™, and Worldspan™ global distribution systems. We refer to each of these systems as a "Travelport GDS". This section of our Privacy Policy describes how we collect, use, store and process GDS Personal Information. This section of our Privacy Policy applies globally except where a more specific policy is required by national requirements, such as in Russia (click here to view our privacy policy for Russian points of sale) and California (click here to view our privacy policy for Californian residents).

This section of our Privacy Policy does not cover how travel providers, such as an airline, car rental company, or a hotel (a "Travel Provider"), handle Personal Information. It also does not cover the Personal Information activities of a travel agency or other company that subscribes to a Travelport GDS (a "Subscriber") (click here to view our business partners’ privacy policy). It also does not include Personal Information about users obtained through our public websites (click here to view the privacy policy for Travelport websites). We recommend that travelers should carefully review the privacy policies of their Travel Providers and Subscribers.

As illustrated in the graphic below, our Travel Commerce Platform is a technology infrastructure used for the distribution of travel services. Many travelers engage traditional or online travel agencies, known in our industry as Subscribers, for assistance in managing their travel. Subscribers use the GDS component of our Travel Commerce Platform to identify and price travel alternatives and to purchase the traveler's selection. We then advise the relevant Travel Providers about the sale of their services.

International transfers of GDS personal information

Travelport does most of its processing of GDS Personal Information in Travelport data centers located in the United States of America, a country whose legal system has not received an adequacy decision from the European Commission. We recognize that the European Economic Area and Switzerland have data protection laws that restrict the transfer to the United States of GDS Personal Information, unless there is "adequate protection" for such information when it is received in the United States. To address this restriction as applied to GDS Personal Information, Travelport has implemented the European Commission's model contracts within the Travelport group. A copy of these model contracts can be requested using the contact details set out in the section on “Data access and correction requests and other questions” below.

Our model contract implementation benefits all travelers whose data is collected in relation to Travelport’s EU based activities and is transferred from the EEA or Switzerland to the United States. Further, any transfer of GDS Personal Information will also rely on safeguards put into place by the Travel Provider and Subscriber, each of whom can provide more information on their respective safeguards.

Collection, use and disclosure

Travelport obtains GDS Personal Information when a Travel Provider or a Subscriber submits such data to a Travelport GDS. We also receive GDS Personal Information when an individual traveler submits data to us directly; however, this occurs only in limited circumstances. The types of GDS Personal Information that we obtain is the typical information that you provide when you travel.

This information includes:

Name

Date of birth

Gender

Postal address

e-mail address

Telephone number

Credit card and payment information

Travel and accommodation details

Passport information

Special travel requests, such as a request for a wheelchair or a special meal

To the extent sensitive personal data (e.g. health or religious data) are processed, the explicit consent of the traveler or its equivalent will be obtained from the traveler by the Subscriber or Travel Provider. Such consent can be withdrawn by the traveler at any time, without affecting the lawfulness of processing based on such consent before its withdrawal.

We use GDS Personal Information to help create and perform the underlying contracts between travelers and Travel Providers and Subscribers. We consequently disclose GDS Personal Information to those entities, as well as to the processors that act on their behalf. We also process GDS Personal Information for our legitimate business interests. More specifically, we use GDS Personal Information to:

Process travel bookings

Provide Subscribers and Travel Providers with access to travel information

Make and change travel reservations

Perform billing and accounting functions related to the travel

Perform internal business processes (such as testing, quality assurance, and product development and enhancement)

Issue tickets and other travel-related documents on behalf of travelers

We also disclose GDS Personal Information to vendors that perform functions on our behalf, including suppliers of software development services, business processing service providers, contact center service providers, and computer maintenance providers. We contractually require these vendors to maintain appropriate protections for GDS Personal Information and to only process such data in accordance with our instructions.

We may also process and disclose GDS Personal Information when lawfully requested by public authorities, including requests based on national security or law enforcement requirements; for credit card processing, authentication, and fraud prevention; or as otherwise required or permitted by law, subpoena, or regulation. We do not sell GDS Personal Information for purposes of allowing third parties to conduct direct marketing for their own products or services.

If you do not provide the data as described in this policy, such action may disrupt, delay, cancel or increase the cost of your travel.

Data security and integrity

Travelport maintains reasonable measures to protect GDS Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. Travelport also takes reasonable steps – to the extent reasonably possible in the context of our role as an intermediary between Travel Providers and Subscribers – to keep GDS Personal Information accurate, current, complete, and reliable for its intended use.

Data retention

Travelport retains GDS Personal Information no longer than is necessary to comply with legal obligations and to fulfil legitimate business and compliance purposes. GDS Personal Information is destroyed no more than 36 months after the completion of the last travel transaction in the reservation.

De-personalized data

Travelport analyzes, uses, discloses, and processes statistical and other data in de-personalized (anonymized) form that Travelport obtains or generates in connection with its Travelport GDS business. This data is used to identify trends and other activities in the travel industry.

Information from minors

Travelport GDS services are not intended for use by minors. We do not knowingly collect GDS Personal Information from any minor child.

Data access and correction requests and other questions

European data privacy laws grant European Travelers certain rights with respect to the:

Access

Rectification

Erasure

Portability

Restriction or objection to processing of their own GDS Personal Information

As a practical matter, travelers may first wish to contact their Travel Providers or Subscriber as the most efficient means of addressing any issues in these areas. Travelers may direct any other requests (including requests for applicable model clauses), questions or complaints relating to their own GDS Personal Information to Travelport at privacy@travelport.com or to the Data Protection Officer at the addresses specified below. Travelport retains the right to use reasonable measures to authenticate the identity of any traveler who makes a request in respect of their GDS Personal Information or otherwise raises any questions.

Once we receive your inquiry we will investigate the matter and respond to you promptly. We will endeavor to do this within 30 days. If this is not possible, we will endeavor to contact you and let you know about a revised timeframe.

Dispute resolution

If any European Traveler experiences an issue regarding GDS Personal Information that the European Traveler cannot resolve directly with Travelport, such traveler has a right to lodge a complaint with their local Data Protection Authority.

Publication and effective date

This policy is published by Travelport, LP on behalf of the Travelport group companies. Travelport, LP is a Delaware USA limited partnership with its principal place of business located at 300 Galleria Parkway, Atlanta, Georgia 30339, USA, T: +1 770-563-7400, F: +1 770-563-7878. We may update this policy from time to time and will post a prominent notice to inform users about significant changes.

Effective Date

Effective Date: This policy was last updated on 1 January 2020. See below archive to view prior versions.